Authorize.Net with Accept.js (ecommerce only)

Modified on Tue, 27 Feb 2024 at 09:33 AM

Signing up:

Authorize.NET is a popular payment gateway. Getting an Authorize.NET account is easy enough, just talk to their reps about your best option.

Obtaining your API Login and Transaction Key

  1. Login to your Authorize.Net account.

  2. Navigate to Account - Settings - Security Settings - API Credentials & Keys.

  3. Obtain your API Login ID and generate a Transaction Key if you have not already been provided one from Authorize.Net.

Enabling the Authorize.Net Gateway

  1. In the admin console, go to Configuration > Site Setup Wizard.

  2. In the Payment Gateway section, click the configure link next to the Authorize.Net entry.

  3. Enter the values you obtained from Authorize.Net for the Login and Transaction Key.

  4. Click Save and Close.

  5. Finally, click the radio button next to Authorize.Net and then click the Save button.

Enabling the Authorize.Net Gateway with Accept.js

Accept.js is a JavaScript-based solution for sending secure payment data directly to Authorize.Net. The Accept JavaScript library intercepts the payment data before it is passed to your server and instead submits it directly to Authorize.Net, which replaces it with a one-time-use token. This allows you to achieve the PCI DSS SAQ-A level when hosted by a PCI certified Service Provider (such as Vortx).


eChecks (ACH) can also now be enabled through the Accept.js , simply select the option "E-Checks through supported gateway" in the Configuration - Site Setup Wizard - Credit Cards & Other Payment Methods section.

Generating and Using the Public Client Key
You must first generate a merchant identifier (Client Key) that is entered in your Site Setup Wizard > Accept.js configuration, along with your existing API Login key and Transaction Key.

To generate the Client Key, you must first log into your Authorize.Net account in the Merchant Interface and navigate to:

Account (tab) > Settings (left menu option) > Security Settings (sub-area) > General Security Settings (sub-sub-area) > Manage Public Client Key (link)

If the Public Client Key is present, then it has already been generated and you can access it to copy into your Client Key field for the Accept.js configuration in your admin Site Setup Wizard. If the Client Key does not yet exist, you will be prompted to answer your security question before generating the key.


NOTE: The Accept.js configuration has separate fields for Test and Live account credential keys.

  1. In the AspDotNetStorefront admin console, go to Configuration > Site Setup Wizard.
  2. In the Payment Gateway section, click the configure link next to the Accept.js entry.
  3. Copy your API Login Key and Transaction Key from your Authorize.NET configuration into the appropriate fields for the Accept.js configuration.
  4. Copy your Public Client Key from your Authorize.NET account into your appropriate Client Key fields for the Accept.js configuration.

  1. Click Save and Close.

  2. Finally, click the radio button next to Accept.js and then click the Save button.


  • If you wish to test non-live transactions using your production/live Authorize.NET account, then you need the following settings:
    •  Use Live Transactions YES (TRUE) ( Site Setup Wizard )
    • In your Authorize.NET account, go to Account (left menu) - Settings - Security Settings (section) - General Security Settings (sub section) - Test Mode, and set the account to "Test" mode.
    • Test order transactions submitted to the account will create an error notice on checkout (no order created) if the setup and connection are successful:
      "The payment gateway account is in Test Mode. The request cannot be processed."
    • This will take the account out of LIVE mode (unable to process live transactions), so make sure it is not being used by another storefront or app.
  • If you wish to test full functionality (transactions record in the Authorize.NET account and coordinate with the cart as if live), you will need a sandbox account (check with Authorize.NET to get one setup)
    • Configure the gateway the same as above using the Authorize.NET SANDBOX account credentials.
    • Use Live Transactions YES (TRUE) ( Site Setup Wizard )
    • COPY the URL from the value in Configuration - Settings - AUTHORIZENET_TEST_SERVER
    • PASTE the URL into the value for the Configuration - Settings - AUTHORIZENET_LIVE_SERVER , using the store-specific field and Save, so the "Default for All Stores" remains intact. This store-specific setting will override the Default For All Stores while testing, allowing the store to send "live" mode transactions to the sandbox account.
    • In your Authorize.NET SANDBOX account, go to Account (left menu) - Settings - Security Settings (section) - General Security Settings (sub section) - Test Mode, and set the account to "Live" mode.
    • Since this is a Sandbox account, orders will NOT create actual live transactions, so use test credit card numbers such as:
      • VISA 4111 1111 1111 1111 CVV 123 (or any 3 digit)
      • MC 5454 5454 5454 5454 CVV 555 (or any 3 digit)
      • AmEx 3700 000000 00002 CVV 1234 (or any 4 digit)
      • Any valid date will work.
    • To revert the store to use a actual LIVE production account, make these changes:
      • DELETE the store-specific version of the Configuration - Settings - AUTHORIZENET_LIVE_SERVER
      • Configure the LIVE production account credentials for the Authorize.NET payment gateway in the Site Setup Wizard and Save.


  •  "The merchant login ID or password is invalid or the card is inactive." This means that you either have a credential incorrect (Login and/or Transaction Key) in your Site Setup Wizard Authorize.NET configuration, or the account type you are accessing is not matching the Use Live Transactions setting.
    • When Use Live Transactions is YES (true), then it is accessing the live production servers (unless you setup testing as above, so check the Configuration - setting)
    • When Use Live Transactions is NO (false), then it is accessing the sandbox servers 
  • Authorize.Net CIM requires a unique customer ID per gateway account for each customer that it is saving data for. Those IDs come from your storefront. This means that if you are testing this functionality on multiple sites with different databases, you must use a different customer for testing on each site.
  • CIM will only work on an Authorize.Net account that is set to live mode. You can enable CIM testing by setting the AUTHORIZENET_Cim_UseSandbox Setting to true, but the main account must be live. You can do this in your Authorize.Net Account - Settings - Security Settings - General Security Settings - Test Mode.
  • Issue: Orders Listed In Failed Transactions On The Admin Site, But Show As Authorized On The Gateway Site When Using Authorize.Net

    When using Authorize.Net as the gateway, some orders are placed in the failed transaction log but show as authorized or captured on the Authorize.Net website or in your transaction reports.

    This is caused by Authorize.Net’s Advanced Fraud Detection Suite marking the order for review. AspDotNetStorefront is not compatible with their Advanced Fraud Detection Suite, and therefore a transaction that is received that does not contain a response code of 1 (approved) will be marked as a failed transaction and the order will not be completed. An order that is marked for review by Authorize.Net returns a response code of 4, which is seen as a failure.

    To avoid potential duplicate charges or authorizations, AspDotNetStorefront recommends disabling the Advanced Fraud Detection Suite on your Authorize.Net account.  Our recommendations for eliminating fraud include implementing the MaxMind anti-fraud service and manually reviewing each transaction before capturing payment or shipping product to the customer.  AspDotNetStorefront can also be configured to fail transactions that reach certain fraud risk threshold based on the MaxMind score.  By using MaxMind, you receive the benefits of fraud protection while having full integration with AspDotNetStorefront’s admin site.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article